Engineer, IAM
About the role
We are Optimum, a leader in the fast-paced world of connectivity, and we're seeking driven and enthusiastic professionals to join our team. Our successes, now and in the future, are powered by our amazing product, a commitment to our people and culture, and the connections we make in our communities.
If you are resourceful, collaborative, and passionate about delivering consistent excellence, Optimum is for you!
Job Summary
As an Identity & Access Management Engineer on the Customer IAM team, you are a hands-on practitioner responsible for the configuration, integration, and ongoing operations of our enterprise Customer IDP platform. You translate IAM strategy into working solutions, building authentication flows, provisioning connectors, and migration integrations that application teams across the company rely on every day.
Responsibilities
- CIAM Platform Configuration & Operations
- Administer and configure the enterprise customer identity platform, including application integrations (OIDC, SAML), authentication policies, MFA, and network/security settings
- Manage identity data and lifecycle processes, including directory schema, attribute mappings, group rules, and automated provisioning/de-provisioning (SCIM, workflows)
- Configure and maintain authorization services, including scopes, claims, and access policies aligned to application requirements
- Maintain operational documentation, runbooks, and support materials for internal and customer-facing teams
- Authentication Integration & Migration
- Execute application migrations from legacy authentication systems to modern CIAM solutions using established playbooks
- Configure and validate authentication integrations (OIDC, SAML), ensuring secure and seamless end-to-end authentication experiences
- Test authentication and authorization flows across development, staging, and production environments, and coordinate issue resolution with application teams
- Support implementation of advanced authentication methods, including MFA and passwordless or phishing-resistant mechanisms
- Track migration progress and contribute to reporting for application onboarding and modernization efforts
- Developer Support & Enablement
- Serve as a technical advisor to application development teams integrating with the CIAM platform
- Provide guidance on authentication design, token usage, and session management aligned with identity standards
- Develop and maintain documentation, integration guides, and code samples to enable efficient onboarding
- Troubleshoot complex authentication and provisioning issues using system logs, browser diagnostics, and application insights
- Participate in architecture reviews and promote secure, standards-based identity patterns
- Contribute to knowledge sharing through documentation, demos, and team enablement sessions
- Security, Compliance & Continuous Improvement
- Implement and maintain authentication and access controls aligned with enterprise security policies and data sensitivity requirements
- Support audit and compliance activities (e.g., SOX, SOC 2, PCI-DSS) including evidence collection and access reporting
- Participate in identity-related incident response and contribute to root cause analysis and process improvement
- Maintain platform security hygiene, including policy reviews, removal of unused configurations, and credential/token management
- Build and enhance automation using scripting or Infrastructure-as-Code tools (e.g., Terraform) to improve consistency and reduce manual effort
- Contribute to CI/CD processes for identity configuration changes, including testing, peer review, and deployment
- Evaluate new platform capabilities and support proof-of-concept implementations for continuous improvement
Qualifications
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience)
- 3+ years of experience in Identity & Access Management, cybersecurity, or a related technical field with hands-on platform administration
- Experience administering CIAM or identity provider platforms in production environments, including authentication policies, integrations, and lifecycle management
- Working knowledge of identity standards and protocols such as OAuth 2.0, OpenID Connect (OIDC), SAML, and SCIM
- Experience troubleshooting authentication and provisioning issues using logs, browser tools, and diagnostic methods
- Ability to write code or automation scripts in at least one modern language (e.g., JavaScript, Python, Java, Go)
- Experience working with application development teams in a technical advisory or enablement capacity
- Familiarity with cloud platforms (AWS, Azure, or GCP) and identity integrations
Pay
The starting pay rate/range at time of hire for this position in New York is $83,538.00 - $137,241.00 / year. For other locations, please inquire with your recruiter.